Path Traversal Vulnerability in Eaton Products
CVE-2025-48394

4.7MEDIUM

Key Information:

Vendor: Eaton
Status: G4 Pdu
Vendor: CVE Published:; 6 August 2025

What is CVE-2025-48394?

A vulnerability exists in Eaton's products that allows attackers with authenticated and privileged access to exploit the command line interface (CLI) limited shell. By manipulating file paths, an attacker may gain unauthorized access to modify the contents of non-sensitive files. This issue has been addressed in the latest software release, which is available at the Eaton download center.

Affected Version(s)

G4 PDU 0 < 3.5.0

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
May 20, 2025

Credit

Harry Sintonen